Duck Detector detects Virtualization by GrapheneOS. The only way to hide it is by using compatibility mode.
See log:
========================================
Duck Detector — Security Scan Report
App Version : 2026.06.02-e9152c36f45c (474)
Build Hash : e9152c36f45c
Build Time : 2026-06-02 13:18:23 (UTC)
Report Time : 2026-06-03 12:16:57 (GMT+02:00)
----- OVERVIEW -----
Status : Danger
Summary : Start with Virtualization and TEE.
Metrics:
Danger: 1
Warning: 1
Ready: 15
Pending: 0
----- TOP FINDINGS -----
[DANGER] Virtualization
1 direct virtualization signal(s)
The current app context contains direct emulator, AVF guest, device-node, classpath, UID, or runtime-service evidence.
[WARNING] TEE
Policy-backed attestation evidence needs review
Built-in local revocation floor matched a certificate serial associated with mass abuse.
----- DETECTOR CARDS -----
[DANGER] Virtualization
Verdict: 1 direct virtualization signal(s)
Impact:
References:
• Android Virtualization Framework: https://source.android.com/docs/core/virtualization
• Android Emulator: https://developer.android.com/studio/run/emulator
• AOSP property_contexts: https://android.googlesource.com/platform/system/sepolicy/+/refs/heads/main/private/property_contexts
[WARNING] TEE
Verdict: Policy-backed attestation evidence needs review
Highlight signals:
Local chain: Verified
Boot: Matched
Signals: 0 policy hard • 1 policy review • 0 local
CRL: Mass abuse
Trust:
Local chain: Verified
Trust root: Google root
Chain layout: len 4 • ext 1 • trusted #1
RKP: Not observed
CRL: Built-in snapshot • mass abuse
Root fingerprint: feb2ea7551ee...
Attestation:
Tier: StrongBox • attest TEE • keymaster TEE
Versions: attest 400 • keymaster 400 • Android 16.0.0
Challenge: Matched • len=32, sha256=d08964e11bf9, b64=o//NOIkjA0FkEmhdTS
Verified boot: Verified • locked • b667aed0342c
Boot consistency: Matched • Attested verifiedBootHash matched ro.boot.vbmeta.digest.
Device IDs: Not included in attestation
Key properties: EC 256 • P-256 • Generated
User auth: No user auth required
Application: 1 package(s) • 1 signer digest(s)
Checks:
Indicators: 0 policy hard • 1 policy review • 0 local
Key pair: Signature matched certificate • 4946us
AES-GCM: Round-trip ok • TEE • 10234us enc
Lifecycle: Delete ok • fresh material
Timing: Median 8908us
Timing side-channel: Register timer • bound_cpu0 • attested 1.269ms • non-attested 1.167ms • diff 0.102ms • ratio 1.088x • threshold > 1.1x • failedPairs=0/500 • outlierFiltered=31/500 • samples=469 • Not positive
Oversized challenge: Rejected 256B • 512B • 4096B
TEE Simulator generate-mode fingerprint: No TEE Simulator generate-mode fingerprint observed.
Keybox: Marker preserved
ImportKey narrative: Clean • kind=NONE, origin=IMPORTED, imported marker leaf returned without retained prior narrative.
Grant isolated-domain: Clean kind=NONE length=4 uid=99047 • Public: readback failed (public isolated readback failed: IllegalStateException: Could not connect to Keystore service. Keystore may have crashed or not been initialized). | Hidden: readback failed (hidden isolated readback failed: IllegalStateException: Could not connect to Keystore service. Keystore may have crashed or not been initialized). | Private: clean (Owner alias and grantee Domain.GRANT ordered full-chain fingerprints matched.)
Grant caller binding: Clean kind=NONE uid=99048 ownerReplay=KEY_NOT_FOUND • Private: owner replay rejected with KEY_NOT_FOUND.
Grant access vector: Clean kind=NONE uid=99049 accessVector=256 granteeRead=PERMISSION_DENIED • Private: grantee getKeyEntry(GRANT) rejected with PERMISSION_DENIED.
Grant self-domain: Clean kind=NONE length=4 grantId=true • Public: clean (Owner alias and grantee Domain.GRANT ordered full-chain fingerprints matched.) | Hidden: clean (Owner alias and grantee Domain.GRANT ordered full-chain fingerprints matched.) | Private: clean (Owner alias and grantee Domain.GRANT ordered full-chain fingerprints matched.)
Keystore2: Unexpected reply
Legacy keystore: Legacy path not observed
listEntries: containsAlias and aliases aligned
listEntriesBatched: Cursor semantics aligned
Metadata key: KEY_ID normalized
Metadata shape: System fields present
Pure cert: Null key as expected
Pure cert level: No security level exposed
Pure cert metadata: Metadata security level exposed
Operation path: Native-style errors • updateAadServiceSpecific=true, oversizedUpdateRejected=true, abortInvalidatedHandle=true, compatFallback=false
Biometric TEE: User-auth key path available
Binder hook: Hook installed
Patch mode: generateKey/getKeyEntry aligned
Binder chain: Java and binder chains aligned • cycle1=keystoreVsGetKeyEntry=true, generateVsGetKeyEntryLeaf=true, generateVsGetKeyEntryChain=true, keystoreChainLength=4, getKeyEntryChainLength=4, cycle2=keystoreVsGetKeyEntry=true, generateVsGetKeyEntryLeaf=true, generateVsGetKeyEntryChain=true, keystoreChainLength=4, getKeyEntryChainLength=4, suspiciousLeafIssuerSpki=false, deleteEntryRemovedAlias=true
Update path: No anomaly
Update persistence: Clean kind=NONE prior=4 post=1 leafMatchesMarker=true • kind=NONE, marker leaf returned without retained prior narrative.
Pruning: 2/18 invalidated
Dual algorithm: RSA/EC chains aligned
ID attestation: No comparable IDs exposed
StrongBox: Available • StrongBox
Native: libbinder.so ioctl GOT entry matched libc. | ioctl prologue matched the on-disk image. | Keystore-style binder honeypot stayed within normal bounds across 3 runs. median_gap=163ns, gap_mad=122ns, noise_floor=10000ns, median_ratio=105%. Keystore-style binder honeypot timing stayed within normal bounds across redundant backends. asm=med2848ns/mad122ns/p954965ns, libc=med2889ns/mad122ns/p953581ns, syscall=med2889ns/mad122ns/p953458ns gap=41ns, noise_floor=10000ns, ratio=101% timer=arm64_cntvct, affinity=bound_cpu0.
0/3 suspicious runs • median gap 0.2us • gap MAD 0.1us • noise floor 10.0us • median ratio 1.05x
arm64_cntvct • bound_cpu0
Soter: Soter check skipped because the Treble service was not reachable.
Network: Built-in revocation snapshot is active; online refresh is disabled in Settings. This certificate chain matched 1 revoked/suspended entry.
Certificate count: 4
--- TEE detailed export ---
Policy-backed attestation evidence needs review
Built-in local revocation floor matched a certificate serial associated with mass abuse.
Verdict: SUSPICIOUS
Tier: STRONGBOX
Trust root: GOOGLE
Trust summary: Local trust path: Google root, chain verified
Tamper score: 8
Evidence count: 51
Network: Built-in revocation snapshot is active; online refresh is disabled in Settings. This certificate chain matched 1 revoked/suspended entry.
Soter: Soter check skipped because the Treble service was not reachable.
Trust
- Local chain: Verified
- Trust root: Google root
- Chain layout: len 4 • ext 1 • trusted #1
- RKP: Not observed
- CRL: Built-in snapshot • mass abuse
- Root fingerprint: feb2ea7551ee...
Attestation
- Tier: StrongBox • attest TEE • keymaster TEE
- Versions: attest 400 • keymaster 400 • Android 16.0.0
- Challenge: Matched • len=32, sha256=d08964e11bf9, b64=o//NOIkjA0FkEmhdTS
- Verified boot: Verified • locked • b667aed0342c
- Boot consistency: Matched • Attested verifiedBootHash matched ro.boot.vbmeta.digest.
- Device IDs: Not included in attestation
- Key properties: EC 256 • P-256 • Generated
- User auth: No user auth required
- Application: 1 package(s) • 1 signer digest(s)
Checks
- Indicators: 0 policy hard • 1 policy review • 0 local
- Key pair: Signature matched certificate • 4946us
- AES-GCM: Round-trip ok • TEE • 10234us enc
- Lifecycle: Delete ok • fresh material
- Timing: Median 8908us
- Timing side-channel: Register timer • bound_cpu0 • attested 1.269ms • non-attested 1.167ms • diff 0.102ms • ratio 1.088x • threshold > 1.1x • failedPairs=0/500 • outlierFiltered=31/500 • samples=469 • Not positive
- Oversized challenge: Rejected 256B • 512B • 4096B
- TEE Simulator generate-mode fingerprint: No TEE Simulator generate-mode fingerprint observed.
- Keybox: Marker preserved
- ImportKey narrative: Clean • kind=NONE, origin=IMPORTED, imported marker leaf returned without retained prior narrative.
- Grant isolated-domain: Clean kind=NONE length=4 uid=99047 • Public: readback failed (public isolated readback failed: IllegalStateException: Could not connect to Keystore service. Keystore may have crashed or not been initialized). | Hidden: readback failed (hidden isolated readback failed: IllegalStateException: Could not connect to Keystore service. Keystore may have crashed or not been initialized). | Private: clean (Owner alias and grantee Domain.GRANT ordered full-chain fingerprints matched.)
- Grant caller binding: Clean kind=NONE uid=99048 ownerReplay=KEY_NOT_FOUND • Private: owner replay rejected with KEY_NOT_FOUND.
- Grant access vector: Clean kind=NONE uid=99049 accessVector=256 granteeRead=PERMISSION_DENIED • Private: grantee getKeyEntry(GRANT) rejected with PERMISSION_DENIED.
- Grant self-domain: Clean kind=NONE length=4 grantId=true • Public: clean (Owner alias and grantee Domain.GRANT ordered full-chain fingerprints matched.) | Hidden: clean (Owner alias and grantee Domain.GRANT ordered full-chain fingerprints matched.) | Private: clean (Owner alias and grantee Domain.GRANT ordered full-chain fingerprints matched.)
- Keystore2: Unexpected reply
- Legacy keystore: Legacy path not observed
- listEntries: containsAlias and aliases aligned
- listEntriesBatched: Cursor semantics aligned
- Metadata key: KEY_ID normalized
- Metadata shape: System fields present
- Pure cert: Null key as expected
- Pure cert level: No security level exposed
- Pure cert metadata: Metadata security level exposed
- Operation path: Native-style errors • updateAadServiceSpecific=true, oversizedUpdateRejected=true, abortInvalidatedHandle=true, compatFallback=false
- Biometric TEE: User-auth key path available
- Binder hook: Hook installed
- Patch mode: generateKey/getKeyEntry aligned
- Binder chain: Java and binder chains aligned • cycle1=keystoreVsGetKeyEntry=true, generateVsGetKeyEntryLeaf=true, generateVsGetKeyEntryChain=true, keystoreChainLength=4, getKeyEntryChainLength=4, cycle2=keystoreVsGetKeyEntry=true, generateVsGetKeyEntryLeaf=true, generateVsGetKeyEntryChain=true, keystoreChainLength=4, getKeyEntryChainLength=4, suspiciousLeafIssuerSpki=false, deleteEntryRemovedAlias=true
- Update path: No anomaly
- Update persistence: Clean kind=NONE prior=4 post=1 leafMatchesMarker=true • kind=NONE, marker leaf returned without retained prior narrative.
- Pruning: 2/18 invalidated
- Dual algorithm: RSA/EC chains aligned
- ID attestation: No comparable IDs exposed
- StrongBox: Available • StrongBox
- Native: libbinder.so ioctl GOT entry matched libc. | ioctl prologue matched the on-disk image. | Keystore-style binder honeypot stayed within normal bounds across 3 runs. median_gap=163ns, gap_mad=122ns, noise_floor=10000ns, median_ratio=105%. Keystore-style binder honeypot timing stayed within normal bounds across redundant backends. asm=med2848ns/mad122ns/p954965ns, libc=med2889ns/mad122ns/p953581ns, syscall=med2889ns/mad122ns/p953458ns gap=41ns, noise_floor=10000ns, ratio=101% timer=arm64_cntvct, affinity=bound_cpu0.
0/3 suspicious runs • median gap 0.2us • gap MAD 0.1us • noise floor 10.0us • median ratio 1.05x
arm64_cntvct • bound_cpu0
- Soter: Soter check skipped because the Treble service was not reachable.
Certificates
Attestation certificate: DuckDetector Tee -> 2.5.4.5=#13203666653266393139633165396438373736363535366239613966303731633531,2.5.4.12=#0c03544545
Intermediate 1: 2.5.4.5=#13203666653266393139633165396438373736363535366239613966303731633531,2.5.4.12=#0c03544545 -> 2.5.4.5=#13206464316638646233626639376530633362653834643931623436366266656635,2.5.4.12=#0c03544545
Intermediate 2: 2.5.4.5=#13206464316638646233626639376530633362653834643931623436366266656635,2.5.4.12=#0c03544545 -> 2.5.4.5=#131066393230303965383533623662303435
Root certificate: 2.5.4.5=#131066393230303965383533623662303435 -> 2.5.4.5=#131066393230303965383533623662303435
[INFO] Custom ROM
Verdict: Custom ROM scan has reduced coverage
Impact:
[INFO] Kernel Check
Verdict: CVE patch state is informational
Impact:
[INFO] LSPosed
Verdict: LSPosed scan has reduced coverage
Impact:
[INFO] Native Root
Verdict: Native root scan has reduced coverage
Impact:
[INFO] SELinux
Verdict: Enforcing with reduced app_zygote coverage
Impact:
Policy notes:
Audit notes:
References:
• SELinux paradox: permission denied can prove enforcing mode.
• Enforcing mode blocks disallowed actions instead of only logging them.
• Production Android devices are expected to run enforcing SELinux.
• app_zygote can query SELinux context validity through selinux_check_context, which ultimately writes to /sys/fs/selinux/context.
• A dedicated app_zygote carrier can also probe privileged context materialization by writing candidate labels to /proc/self/attr/current and classifying non-EINVAL outcomes.
• The policyload/access seqno oracle must be captured inside zygotePreloadName; the isolated child may lose app_zygote SELinuxfs access and should downgrade missing coverage to info.
• Audit or log surfaces can be rewritten in user space, so missing suspicious tcontext values is not always proof.
• Readable AVC denial lines should be treated as audit-surface leakage, not as direct proof of a root process.
• comm, exe, path, and name fields inside AVC logs are supporting hints, not standalone proof of a live su daemon.
[INFO] System Properties
Verdict: System property scan has reduced coverage
Impact:
[CLEAR] Bootloader
Verdict: Locked and attested verified
Impact:
[CLEAR] Dangerous Apps
Verdict: No known risky packages
Context:
Inventory: 118 legacy packages
PackageManager: Full inventory access
Visible packages: 306
Categories: None
Probe families: PackageManager, createPackageContext + ZipFile, Open APK FD, Android/data Directory Listing +9
Target apps:
LSPosed Manager (org.lsposed.manager) [Hook framework]
LSPatch (org.lsposed.lspatch) [Hook framework]
Xposed Installer (de.robv.android.xposed.installer) [Hook framework]
Magisk alpha (io.github.vvb2060.magisk) [Hook framework]
Magisk (com.topjohnwu.magisk) [Hook framework]
TaiChi (me.weishu.exp) [Hook framework]
SimpleHook (me.simpleHook) [Hook framework]
HookVip Pro (top.hookvip.pro) [Hook framework]
JiuWu Hook (Hook.JiuWu.Xp) [Hook framework]
HookVip (com.bug.hookvip) [Hook framework]
Lin Xposed (lin.xposed) [Hook framework]
Hide My Applist (com.tsng.hidemyapplist) [App hiding]
HMA (com.tsng.pzyhrx.hma) [App hiding]
Hide Blacklist (com.topmiaohan.hidebllist) [App hiding]
Zako Hide (zako.zako.zako) [App hiding]
SuperSU (eu.chainfire.supersu) [Root tool]
Superuser (com.noshufou.android.su) [Root tool]
Superuser (com.koushikdutta.superuser) [Root tool]
Superuser (com.thirdparty.superuser) [Root tool]
SU (com.yellowes.su) [Root tool]
KingRoot (com.kingroot.kinguser) [Root tool]
KingoRoot (com.kingo.root) [Root tool]
OneClickRoot (com.smedialink.oneclickroot) [Root tool]
KSU Next (com.rifsxd.ksunext) [Root tool]
KSU WebUI (io.github.a13e300.ksuwebui) [Root tool]
SuKiSu Ultra (com.sukisu.ultra) [Root tool]
ReSukisu (com.resukisu.resukisu) [Root tool]
SKRoot (com.linux.permissionmanager) [Root tool]
Fake Location (com.lerist.fakelocation) [Fake location]
Motion Emulator (com.zhufucyd.motion_emulator) [Fake location]
VIP Kill (com.cshlolss.vipkill) [Cracking / mod]
Modify Installer (com.modify.installer) [Cracking / mod]
Lucky Patcher (lucky.patcher) [Cracking / mod]
Lucky Patcher (com.chelpus.lackypatch) [Cracking / mod]
Lucky Patcher (com.android.vending.billing.InAppBillingService.LUCK) [Cracking / mod]
APKTool (ru.maximoff.apktool) [Cracking / mod]
MT Manager (bin.mt.termex) [Cracking / mod]
QAuxiliary (io.github.qauxv) [QQ / WeChat hook]
WeChat Xposed (com.fkzhang.wechatxposed) [QQ / WeChat hook]
BiliRoaming (me.iacn.biliroaming) [QQ / WeChat hook]
HookQQ (com.padi.hook.hookqq) [QQ / WeChat hook]
TIM Tool (top.sacz.timtool) [QQ / WeChat hook]
HyperCeiler (com.sevtinge.hyperceiler) [System modification]
Thanox (github.tornaco.android.thanos) [System modification]
ShortX (tornaco.apps.shortx) [System modification]
Scene (com.omarea.vtools) [System modification]
Customiuizer (name.monwf.customiuizer) [System modification]
Codestore Toolkit (com.coderstory.toolkit) [System modification]
Device ID Changer (com.silverlab.app.deviceidchanger.free) [Device ID modification]
Guise (com.houvven.guise) [Device ID modification]
IMPad (com.houvven.impad) [Device ID modification]
Privacy Space (cn.geektang.privacyspace) [Privacy bypass]
Shizuku (moe.shizuku.privileged.api) [Privacy bypass]
Storage Isolation (me.gm.cleaner) [Privacy bypass]
Storage Redirect (moe.shizuku.redirectstorage) [Privacy bypass]
Freezer (nep.timeline.freezer) [Freezer / background]
NoActive (cn.myflv.noactive) [Freezer / background]
StopApp (web1n.stopapp) [Freezer / background]
Termux (com.termux) [Terminal / dev]
ADB Helper (com.didjdk.adbhelper) [Terminal / dev]
IceCore (me.bingyue.IceCore) [Misc]
Dyoo (o.dyoo) [Misc]
Serendipity (com.demo.serendipity) [Misc]
AutoDaily (me.teble.xposed.autodaily) [Misc]
Portal (moe.fuqiuluo.portal) [Misc]
XposedSmsCode (com.github.tianma8023.xposed.smscode) [Misc]
HKF (xzr.hkf) [Misc]
Konabess (xzr.konabess) [Misc]
DataBackup (com.xayah.databackup.foss) [Misc]
ByYoung Setting (com.byyoung.setting) [Misc]
Algorithm Aide Pro (com.junge.algorithmAidePro) [Misc]
Atlas Toolbox (tmgp.atlas.toolbox) [Misc]
NP App (com.wn.app.np) [Misc]
Saas i18n (top.bienvenido.saas.i18n) [Misc]
QuickPay (com.syyf.quickpay) [Misc]
ShortX Ext (tornaco.apps.shortx.ext) [Misc]
Mio Kitchen (com.mio.kitchen) [Misc]
XLua (eu.faircode.xlua) [Misc]
DNA Tools (com.dna.tools) [Misc]
NoActive Monitor (cn.myflv.monitor.noactive) [Misc]
Card Emulator Pro (com.yuanwofei.cardemulator.pro) [Misc]
Oshin (com.suqi8.oshin) [Misc]
Wauxv (me.hd.wauxv) [Misc]
Have Fun (have.fun) [Misc]
Miko Client (miko.client) [Misc]
FCM Fix (com.kooritea.fcmfix) [Misc]
Twifucker (com.twifucker.hachidori) [Misc]
LuckyTool (com.luckyzyx.luckytool) [Misc]
Lyric Getter (cn.lyric.getter) [Misc]
MICTS (com.parallelc.micts) [Misc]
Plusne (me.plusne) [Misc]
App Retention (com.hchen.appretention) [Misc]
Switch Freeform (com.hchen.switchfreeform) [Misc]
XiaoWine Lyric (cn.aodlyric.xiaowine) [Misc]
RE Telegram (nep.timeline.re_telegram) [Misc]
Fuck Rimet (com.fuck.android.rimet) [Misc]
Kwai Hook (cn.kwaiching.hook) [Misc]
Android X (cn.android.x) [Misc]
IAmNotDisabled (cc.aoeiuv020.iamnotdisabled.hook) [Misc]
Kwai Tao (vn.kwaiching.tao) [Misc]
Plusne (com.nnnen.plusne) [Misc]
HMS Push (one.yufz.hmspush) [Misc]
XiaoWine (cn.fuckhome.xiaowine) [Misc]
TSBattery (com.fankes.tsbattery) [Misc]
IAMRKG (com.rkg.IAMRKG) [Misc]
Qute (com.ddm.qute) [Misc]
Anqu (kk.dk.anqu) [Misc]
QQ Module (com.qq.qcxm) [Misc]
Wei VIP (com.wei.vip) [Misc]
DKNB (dknb.con) [Misc]
DKNB (dknb.coo8) [Misc]
Jingshi (com.tencent.jingshi) [Misc]
JYNB (com.tencent.JYNB) [Misc]
Apocalua Run (com.apocalua.run) [Misc]
Oppo Theme (io.github.Retmon403.oppotheme) [Misc]
High Refresh Rate (com.fankes.enforcehighrefreshrate) [Misc]
Bootloader Spoofer (es.chiteroman.bootloaderspoofer) [Misc]
Rescue Plan (com.hchai.rescueplan) [Misc]
[CLEAR] Memory
Verdict: No hook-like memory signals
Impact:
[CLEAR] Mount
Verdict: No suspicious mount-layer signal
Impact:
[CLEAR] Play Integrity Fix
Verdict: No Play Integrity residue surfaced
Impact:
[CLEAR] SU
Verdict: No root indicators
Impact:
[CLEAR] Zygisk
Verdict: No Zygisk runtime signal
Impact:
References:
• Cross-process FD trap looks for deleted-path descriptors that should survive clean specialization but may be silently closed by Zygisk-style FD sanitization.
• Native runtime probes correlate NeoZygisk TMP_PATH leakage, linker ownership, restricted-path loading, /proc maps and smaps drift, suspicious thread or fd residue, seccomp trap behavior, and heap entropy.
• Read this card together with Mount and Memory because those cards can still show corroborating Zygisk-facing traces even when this process keeps only partial residue.
----- DEVICE INFO -----
Device Info
Identity:
Brand: google
Manufacturer: Google
Model: Pixel 9a
Device: tegu
Product: tegu
Board: tegu
Build:
Hardware: tegu
Bootloader: tegu-16.4-14791556
Fingerprint: google/tegu/tegu:16/BP4A.260205.001/2026052401:user/release-keys
Build ID: BP4A.260205.001
Incremental: 2026052401
Build type: user
Android:
Tags: release-keys
Build user: android-user
Build host: r-0123456789abcdef-0123
SDK: 36
Release: 16
Codename: REL
Runtime:
Security patch: 2026-05-05
Preview SDK: 0
Primary ABI: arm64-v8a
ABI list: arm64-v8a
32-bit ABIs: Unavailable
64-bit ABIs: arm64-v8a
Context:
Kernel: 6.1.174-android14-11-gf4e508bdefd0
Locale: sv-SE-u-fw-mon
Time zone: Europe/Stockholm
Resolution: 1080 x 2424
Density: 356 dpi (2.2x)
Refresh rate: 120.0 Hz
========================================
End of report